Recent CVEs
CVE-2024-43006
A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/ask_edit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. When a user visits the ask/show_{newsid}.html page, the injected script is executed in the context of the user's browser, leading to potential theft of cookies, session tokens, or other sensitive information.
MEDIUM
Aug 16, 2024
CVE-2019-1010151
zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php.
UNKNOWN
Jul 19, 2019